<?php
/*
 *      shop.php
 *      
 *      Copyright 2011 unro <unro.ua@gmail.com>
 *      
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation; either version 2 of the License, or
 *      (at your option) any later version.
 *      
 *      This program is distributed in the hope that it will be useful,
 *      but WITHOUT ANY WARRANTY; without even the implied warranty of
 *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *      GNU General Public License for more details.
 *      
 *      You should have received a copy of the GNU General Public License
 *      along with this program; if not, write to the Free Software
 *      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 *      MA 02110-1301, USA.
 */ 
 
include ("../session.php");
Openconn();

$uid = $_SESSION["uid"]; 

$itemid = trim(mysql_escape_string($_POST['itm']));
settype($itemid, "integer");
$charid = trim(mysql_escape_string($_GET['chr']));
settype($charid, "integer");
$itmid = trim(mysql_escape_string($_GET['itm']));
settype($itmid, "integer");
$buy = trim(mysql_escape_string($_GET['buy']));
settype($byu, "integer");
if($buy!=1) {
	if($itmid=="") {
		if($itemid=="") { ?>
			<form method="post" action="?do=store">
			<div align="center" style="padding:5px;">
			<b>ID предмета</b>
			<br>
			<input name="itm" type="text" size="5" maxlength="8">
			<input type="submit" value="Купить">
			<br>
			<p style="font-size: 11px; color: orange;">Если вы не знаете где и как найти <b><i>id</b></i> интересующего вас предмета то <a href=".">прочитайте статью</a> как это сделать.</p>
			</div>
			</form>
			<?php 
		} else {
			SelectDB(char);
			$select = mysql_query("SELECT `guid`,`name` FROM `characters` WHERE `account`='$uid'");
			echo "<center>";
			echo "Выберите персонажа<br>";
				while($chars = mysql_fetch_array($select)) {
					echo "<a href=?do=store&itm=$itemid&chr=".$chars['guid'].">".$chars['name']."</a><br>";
				}
			mysql_free_result($select);
			echo "</center>";
		}
	} else {
		if(chechitem($itmid)) {
			$itemarray = mysql_fetch_array(getiteminfo($itmid));
			echo "<center>";
			echo "Выбран предмет: <b>".$itemarray['name']."</b><br>";
			echo "Цена предмета: <b>".$itemarray['price']."</b><br>";
			echo "<input type='button' onclick=location.href='?do=store&itm=$itmid&chr=$charid&buy=1' value='Купить'>";
			echo "</center>";
		} else echo "<center><b>Этот предмет невозможно купить!</b></center>";
	}
} else buyitem($itmid, $charid);
?>